Forbes CommunityVoice™ allows professional fee-based membership groups ("communities") to connect directly with the Forbes audience by enabling them to create content – and participate in the conversation – on the Forbes digital publishing platform. Each topic-based CommunityVoice™ is produced and managed by the group.

Opinions expressed within Forbes CommunityVoice™ are those of the participating individuals.

Sep 26, 2018, 08:15am

10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company

Smart leaders know that their entire team needs to be well-educated on the importance and best practices of cybersecurity if they hope to protect their data. Unfortunately, this is easier said than done, especially when it comes to training your non-tech employees. Using too much jargon and technical terms will only disengage them, leaving them less prepared and less vigilant.

While you don't necessarily need to "dumb down" cybersecurity training for non-techies, you do need to present the information in a way that's relatable and easy to understand. Here's how the members of Forbes Technology Council recommend approaching this task.

1. Explain The Business Benefits Of Secure Data

Traditionally teams have been educated on security using fear, uncertainty and doubt. Cybersecurity in today's world is best executed inline, which means that every function, role and team member is responsible for protecting the business. So, the best way to educate the team is by explaining how cybersecurity can be a business enabler. - Sameer Shelke, aujas.com

2. Use Metaphors And Analogies That Apply To Them

I use metaphors and analogies. In healthcare I talk about the immune system; in manufacturing, I talk about an organic assembly line, etc. Make the conversation clear and relevant to the audience in an area they are familiar with. - SultanMeghji, Virtova

Education programs aimed at specific roles and users have the highest impact. Developers learn differently than marketers, sales different than support. Providing an easy to consume, targeted training that regularly maps cybersecurity issues to someone's role and KPIs have always worked best. Once you demonstrate how cybersecurity can enable and augment someone's job, engagement will follow. - Jacek Materna, www.assembla.com

4. Highlight The Positive Progress

In a monthly newsletter, we give employees a report card of progress ensuring to call out the positive improvements that have been made since the last update. Real life examples and metrics as well as simulation results and "How To Avoid..." tips also help make the newsletter more of a consumable read for the non-tech employee. - Stephanie Roberts, Sunrun

5. Stick To The Basics And Practical Aspects

There is no point in going into the technical ways cybersecurity works. We focus on what to look for in terms of suspicious activity. We use simple language and hands-on practice to show employees why the security we have works. - Chalmers Brown, Due

6. Establish And Communicate Consistent Processes

I let people know that there will be uniform processes in place for everything we do. We only communicate internally on one platform, we only engage with clients through one platform, and we only bill through one process. It might sound obvious, but variations in the process are how people fall for unfamiliar messages, so consistency helps you avoid that. - Arnie Gordon, Arlyn Scales

7. Help Them Understand The Direct Negative Impact Of Poor Security

Convey to people why cybersecurity is important on a personal level -- that it isn't just a check box on an audit form or a series of pointless hoops to jump through. Customers trust companies with their data. If that data is compromised then that trust is betrayed, which can have a direct negative impact on that individual. Make that person relatable. - Chris Deramus, DivvyCloud

8. Encourage A 'Sanity Check'

In a modern company, not everyone is a tech expert. We ask everyone to do the sanity check: Always double-check the reply address before sending out emails. Always double-check the web URL before you enter sensitive information on your browser. Log out of sensitive sites after your work is done there. - Song Li, Halo Block Inc.

9. Simulate A Hack

Some of the most dangerous cyber attacks involve social engineering, masquerading as business emails but instead redirect your users to malicious sites or trick them in other ways. New services let you launch campaigns internally that mimic hacker techniques to educate and evaluate your employees. Check out Wombat Security, Cofense, SANS Security Awareness and Phishline from Barracuda Networks. - Steve Pao, Hillwork, LLC

10. Lay A Foundation Of 'Cyber Common Sense'

It's crucial to lay the groundwork for "cyber common sense" with new employees and then constantly reinforce it. We have a social engineering and phishing expert on staff who works to make sure that our team is educated on common tactics and basic cybersecurity hygiene. It's ultimately a team effort, but it's our job to make sure everyone is armed with the same tools. - Abishek Surana Rajendra, Course Hero

Forbes Technology Council is an invitation-only, fee-based organization comprised of elite CIOs, CTOs and technology executives. Find out if you qualify at forbestechcouncil.com. Questions about an article? Email